Proxmox + PFSense routing?
- Thread starter lixaotec
- Start date
here are some pics
Attachments
Last edited:
firewall logs show no activity. i have the test 3322 port forward to do logging.
So i think the issue is with routing at the switches.
the switch runs nvidia linux . it is a debian based system.
routing is done using frr [ i barely understand ] .
here is parts of /etc/frr/frr.conf
10.1.0.2 is hardware pfsense off of swp24
and vlan2 from interfaces
this is the bridge on witches
so vlan2 and hardware pfsense work OK.
now config for virtualized pfsense on switch.
I think the issue is that a route to 166.130.173.1 has to be added. however i assumed frr somehow just auto does that by learning routes.
So i think the issue is with routing at the switches.
the switch runs nvidia linux . it is a debian based system.
routing is done using frr [ i barely understand ] .
here is parts of /etc/frr/frr.conf
Code:
ip route 0.0.0.0/0 10.1.0.2 30
Code:
auto swp24
iface swp24
bridge-pvid 2
Code:
auto vlan2
iface vlan2
address 10.1.0.13/24
address-virtual 00:00:5e:00:01:00 10.1.0.1/24
vlan-id 2
vlan-raw-device bridge
mstpctl-bpduguard yes
mstpctl-portadminedge yesthis is the bridge on witches
Code:
auto bridge
iface bridge
bridge-ports swp22 swp23 swp24 peerlink bond1 bond2 bond3 bond4 bond5 bond6 bond7 bond8 bond17 bond18 bond19 bond21 bond25 bond26 bond27 bond28 bond29 bond30 bond31 bond32
bridge-pvid 8
bridge-vids 2-250
bridge-vlan-aware yes
mstpctl-treeprio 4096so vlan2 and hardware pfsense work OK.
now config for virtualized pfsense on switch.
Code:
auto swp23
iface swp23
bridge-pvid 250
auto vlan250
iface vlan250
address-virtual 00:00:5e:00:01:00 166.130.173.3/24
vlan-id 250
vlan-raw-device bridgeI think the issue is that a route to 166.130.173.1 has to be added. however i assumed frr somehow just auto does that by learning routes.
It does look like a routing error
12 101 ms 121 ms 97 ms 12.83.170.29
13 94 ms 94 ms 94 ms 12.249.2.22
14 93 ms 97 ms 94 ms mobile-166-216-138-29.mycingular.net [166.216.138.29]
15 94 ms 94 ms 98 ms mobile-166-185-045-172.mycingular.net [166.185.45.172]
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
there would seem to be no route from 166.185.45.172 - does that ring any bells?
12 101 ms 121 ms 97 ms 12.83.170.29
13 94 ms 94 ms 94 ms 12.249.2.22
14 93 ms 97 ms 94 ms mobile-166-216-138-29.mycingular.net [166.216.138.29]
15 94 ms 94 ms 98 ms mobile-166-185-045-172.mycingular.net [166.185.45.172]
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
there would seem to be no route from 166.185.45.172 - does that ring any bells?
yes noticed that. we will be trying a wired WAN instead of that backup wireless lan later in the week. we purchased another wired wan which is getting intalled tomorrow - so will use that.
the wan device works fine as WAN2 at hardware pfsense. NAT works.
at the pf vm , firewall log shows a green pass when i do this from off site :
however i do not get to the linux test system when i run the ssh test .
that test works when WAN2 is connected to hardware pf.
at the pf vm , firewall log shows a green pass when i do this from off site :
Code:
ssh -p 3322 IPhowever i do not get to the linux test system when i run the ssh test .
that test works when WAN2 is connected to hardware pf.
NO !
thank you for suggesting that test.
our new WAN connection has not arrived, when it does we'll repeat that test.
I would also try and establish if WAN2 works when connected to WAN1 on the hardware pfsense - you may need to see if the WAN address is static or assigned and make the relevant changes, reverting back once you've established that WAN2 is working.
I am also facing the same issue can you explain me how you figure out your isp modern doesnt support that